Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:23:16, on 1/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\Arquivos de programas\Sandboxie\SbieSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
e:\arquivos de programas\idt\5902xp_6033v_012208\wdm\STacSV.exe
E:\WINDOWS\Explorer.EXE
E:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
E:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
E:\Arquivos de programas\Lexmark 2500 Series\lxddmon.exe
E:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\Arquivos de programas\Lexmark 2500 Series\lxddamon.exe
E:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
E:\Arquivos de programas\Google\Google Talk\googletalk.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\lxddcoms.exe
E:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
E:\Arquivos de programas\IDT\WDM\sttray.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
E:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
E:\Arquivos de programas\Free Download Manager\fdm.exe
E:\Arquivos de programas\Software Informer\softinfo.exe
E:\Arquivos de programas\Sandboxie\SbieCtrl.exe
E:\Documents and Settings\Administrador\Dados de aplicativos\Dropbox\bin\Dropbox.exe
E:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\WinRAR\WinRAR.exe
E:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
E:\Arquivos de programas\Opera\opera.exe
E:\Documents and Settings\Administrador\Desktop\programaw\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7EE8AAE3-E4EF-4F10-8D6C-C95761D59402}8D6C-C95761D59402} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxddmon.exe] "E:\Arquivos de programas\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "E:\Arquivos de programas\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [googletalk] E:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EVGAPrecision] "E:\Arquivos de programas\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OutpostMonitor] E:\ARQUIV~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "E:\Arquivos de programas\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ProxyCap] E:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] "E:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "E:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [SandboxieControl] "E:\Arquivos de programas\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "E:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Dropbox.lnk = E:\Documents and Settings\Administrador\Dados de aplicativos\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://E:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://E:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://E:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://E:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: e:\arquiv~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - E:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - E:\ARQUIV~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - E:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - E:\WINDOWS\system32\lxddcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - E:\Arquivos de programas\Sandboxie\SbieSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - e:\arquivos de programas\idt\5902xp_6033v_012208\wdm\STacSV.exe
--
End of file - 12942 bytes
Já scaneei com o Malwarebytes e ele removeu alguns vírus. Será que está limpo?
eyamamoto
Super Participante
Registrado
865 Mensagens
13 Curtidas
HijackThis- Log
#1 Por eyamamoto
01/05/2011 - 00:28